[German]What a PR disaster for Microsoft – next week, devices with the "Copilot+PC" concept are to be launched on the market. But the most important function "Windows Recall", which Microsoft recently praised as the "philosopher's stone of AI", will be missing. There is the recall of Recall, which is now haunting the web as a meme. The pressure and outcry from security experts regarding this function was probably too big.
Windows Recall recalled
The information came to my attention overnight in the form of the following tweet from Zac Bowden, Windows Central. The message: "Microsoft is postponing the Windows Recall rollout. Copilot+ PCs will ship next week without their most important AI feature."
In a blog post Update on the Recall preview feature for Copilot+ PCs from June 13, 2024, Microsoft explains its withdrawal. The Recall feature for Copilot+ PCs, which was introduced with great fanfare on May 20, 2024, will be withdrawn in the preview of Windows 11. From June 18, 2024, Recall will no longer be available as a preview for Copilot+ PCs, but will initially be available in the Windows Insider Program (WIP) in the coming weeks.
June 18 is the third Tuesday of the month when Microsoft used to release preview updates. Microsoft justifies this recall by saying that it wants to "provide a trusted, secure and stable experience for all customers" and also plans to gather additional feedback before making the feature available to all Copilot+ PC users. Security is Microsoft's "top priority" and this recall is in line with the Secure Future Initiative (SFI).
This Secure Future Initiative (SFI) is also reflected in the additional security measures that Microsoft intends to provide for recall content. These include "just-in-time" decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so that Recall snapshots are only decrypted and made accessible when the user authenticates themselves. I reported on these ideas in the blog post Microsoft improves AI feature Recall and adds "security measures" – is that enough?
The background illuminated
On May 20, 2024, Microsoft presented the "Copilot+PC" initiative, which is intended to herald a completely new device function with Windows 11, specialized hardware (ARM CPUs with NLP processors for AI functions). A Recall function for Windows was also presented in this context. The Recall function enables the user under Windows to have screenshots of the user's screen taken continuously, so that everything the user does is recorded (snapshots are saved in each case, which should also include inputs and mouse movements). The results are stored in an SQLight database in the user profile and can be analyzed and searched using a generative AI model. For example, the user should be able to ask "what did I look at recently as a travel destination" and then be shown the relevant documents, websites, emails etc. by Recall.
The Recall function was highly controversial right from the start because it represents a potential surveillance tool and a blatant security risk for the Windows ecosystem. Microsoft boss Nadella assured in an interview that everything is only kept locally and everything is secure. But security researchers were up in arms and were able to prove within a few hours that information such as deleted emails, passwords or login data or confidential documents could be retrieved from the database.
In the blog post Copilot+AI: Recall, a security disaster – AI-assisted theft, I summarized the picture I could see from the phalanx of security researchers. Not a single good thing was said about this concept and the function that was knitted with a hot needle. I hadn't brought it up, but Microsoft must have developed Recall very much under the eyes of the public and even Windows Insiders were probably not involved in the tests.
In view of the fact that Microsoft has its back against the wall in terms of security – see my recent German articles Whistleblower: Microsoft ignorierte Warnungen vor AD-Bug; wurde 2020 bei SolarWinds-Hack ausgenutzt and Microsoft übt sich in Schadensbegrenzung bei Kongress-Anhörung (13.6.2024): Sicherheit habe Vorrang vor KI – has now probably been forced to recall that feature. Windows Insiders will be shipped with implemented recall feature. We have to wait and see, what Microsoft will provide in details.
Similar articles:
Microsoft's AI PC with Copilot – some thoughts – Part 1
Microsofts Copilot+PC, a privacy and security nightmare – Part 2
Copilot+AI: Recall, a security disaster – AI-assisted theft
Microsoft improves AI feature Recall and adds "security measures" – is that enough?
